Programmer's Mindset

Should Website Authentication Really Require Email Addresses?

At SDPHP we are starting an open source project (grouptopics) for user groups, but that is for another post.

We are setting up oAuth authentication with Google, Twitter, and Facebook.  While doing so, the developer that did the initial integration stopped with the Twitter integration because they do not give you an email address, and he is steadfast that an email address should be required for a user.

I have thought a lot about this lately, and I am of the personal belief that an email address is not required.  While I would like to have one for communication, the main goal is authentication.  Having the email address does nothing to accomplish this authentication, it just serves our greedy desire to send emails that are probably unwanted.

I have not given any final direction towards the group.  What are your thoughts?  Do I listen to him and require it, or go with my gut and say that it shouldn’t be required?



Just had my first GitHub pull request put…

Just had my first GitHub pull request put into a project. Happy to contribute, even in small ways.


Multiple WordPress Blogs in One Installation

I have been hosting multiple wordpress blogs in one installation for a few years now. I like that I can upgrade one installation, and they all upgrade. I don’t have to go through 10 different installs/upgrades.

There are a few things that can be considered either a pro or a con based on your point of view. If one blog uploads a theme or a plugin, it is available to all the others. This doesn’t mean that if one enables it, they all have to have it enabled. It’s just there, so each can install if they need to.

One serious downside is customization. If one blog customizes a template, another blog can’t use it unless they too want that customization.

On to the nitty-gritty, all I do is change the wp-load.php file and copy the wp-config.php file. I copy the wp-config.php to wp-config-DOMAINNAME.php (example Each config file changes the database table prefix.

Here is a diff for the wp-load.php file. It just changes an if statement to load our individual config, if it doesn’t exist, it loads the original wp-load.php.

--- wp-load-orig.php	2011-03-07 15:18:12.000000000 -0500
+++ wp-load.php	2011-03-07 10:30:04.000000000 -0500
@@ -24,7 +24,12 @@
-if ( file_exists( ABSPATH . 'wp-config.php') ) {
+if ( file_exists( ABSPATH . 'wp-config-'.$_SERVER['SERVER_NAME'].'.php') ) {
+  /** The config file resides in ABSPATH */
+  require_once( ABSPATH . 'wp-config-'.$_SERVER['SERVER_NAME'].'.php' );
+} elseif ( file_exists( ABSPATH . 'wp-config.php') ) {
 	/** The config file resides in ABSPATH */
 	require_once( ABSPATH . 'wp-config.php' );


Patching osticket for PHP 5.3

OSTicket is a decent piece of software for customer service. I upgraded to PHP 5.3 and had some problems because they are trying to keep it working all the way back to PHP 4. 🙁

Here is a patch to fix the eregi_replace deprecated errors.

diff --git a/osticket/include/class.format.php b/osticket/include/class.format.php
index 6cbb414..0380268 100644
--- a/osticket/include/class.format.php
+++ b/osticket/include/class.format.php
@@ -78,10 +78,10 @@ class Format {

     //make urls clickable. Mainly for display
     function clickableurls($text) {
-        $text=eregi_replace('(((f|ht){1}tp(s?)://)[-a-zA-Z0-9@:%_\+.~#?&//=]+)','\\1', $text);
-        $text=eregi_replace("(^|[ \n\r\t])(www\.([a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+)(/[^/ \n\r]*)*)",
+        $text=preg_replace('#(((f|ht){1}tp(s?)://)[-a-zA-Z0-9@:%_\+.~\#?&//=]+)#','\\1', $text);
+        $text=preg_replace("#(^|[ \n\r\t])(www\.([a-zA-Z0-9_-]+(\.[a-zA-Z0-9_-]+)+)(/[^/ \n\r]*)*)#",
                 '\\1\\2', $text);
-        $text=eregi_replace("(^|[ \n\r\t])([_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,4})",'\\1\\2', $text);
+        $text=preg_replace("#(^|[ \n\r\t])([_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,4})#",'\\1\\2', $text);

         return $text;

diff --git a/osticket/include/class.validator.php b/osticket/include/class.validator.php
index 284d7c7..697d99c 100644
--- a/osticket/include/class.validator.php
+++ b/osticket/include/class.validator.php
@@ -126,15 +126,15 @@ class Validator {

     /* Functione below can be called directly without class instance. Validator::func(var..); */
     function is_email($email) {
-        return eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$",trim($email));
+        return preg_match("#^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$#",trim($email));
     function is_phone($phone) {
-        $stripped=eregi_replace("(\(|\)|\-|\+)","",ereg_replace("([  ]+)","",$phone));
+        $stripped=preg_replace("#(\(|\)|\-|\+)","",preg_replace("/([  ]+)#/","",$phone));
         return (!is_numeric($stripped) || ((strlen($stripped)<7) || (strlen($stripped)>13)))?false:true;

     function is_url($url) { //Thanks to 4ice for the fix.
-        $urlregex = "^(https?)\:\/\/";
+        $urlregex = "#^(https?)\:\/\/";
         // USER AND PASS (optional)
         $urlregex .= "([a-z0-9+!*(),;?&=\$_.-]+(\:[a-z0-9+!*(),;?&=\$_.-]+)?@)?";
         // HOSTNAME OR IP
@@ -149,9 +149,9 @@ class Validator {
         // GET Query (optional)
         $urlregex .= "(\?[a-z+&\$_.-][a-z0-9;:@/&%=+\$_.-]*)?";
         // ANCHOR (optional)
-        $urlregex .= "(#[a-z_.-][a-z0-9+\$_.-]*)?\$";
+        $urlregex .= "(\#[a-z_.-][a-z0-9+\$_.-]*)?\$#";

-        return eregi($urlregex, $url)?true:false;
+        return preg_match($urlregex, $url)?true:false;

@@ -161,7 +161,7 @@ class Validator {
             return false;

-        if(ereg("^[0-9]{1,3}(.[0-9]{1,3}){3}$",$ip)) {
+        if(preg_match("#^[0-9]{1,3}(.[0-9]{1,3}){3}$#",$ip)) {
             foreach(explode(".", $ip) as $block)
                 if($block<0 || $block>255 )
                     return false;